OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 25 matching lines...) Expand all Loading... |
36 #include "core/inspector/ConsoleMessage.h" | 36 #include "core/inspector/ConsoleMessage.h" |
37 #include "core/loader/DocumentLoader.h" | 37 #include "core/loader/DocumentLoader.h" |
38 #include "core/loader/FrameLoader.h" | 38 #include "core/loader/FrameLoader.h" |
39 #include "core/loader/FrameLoaderClient.h" | 39 #include "core/loader/FrameLoaderClient.h" |
40 #include "platform/RuntimeEnabledFeatures.h" | 40 #include "platform/RuntimeEnabledFeatures.h" |
41 #include "platform/network/NetworkUtils.h" | 41 #include "platform/network/NetworkUtils.h" |
42 #include "platform/weborigin/SchemeRegistry.h" | 42 #include "platform/weborigin/SchemeRegistry.h" |
43 #include "platform/weborigin/SecurityOrigin.h" | 43 #include "platform/weborigin/SecurityOrigin.h" |
44 #include "public/platform/WebAddressSpace.h" | 44 #include "public/platform/WebAddressSpace.h" |
45 #include "public/platform/WebInsecureRequestPolicy.h" | 45 #include "public/platform/WebInsecureRequestPolicy.h" |
| 46 #include "public/platform/WebMixedContent.h" |
| 47 #include "public/platform/WebMixedContentContextType.h" |
46 #include "wtf/text/StringBuilder.h" | 48 #include "wtf/text/StringBuilder.h" |
47 | 49 |
48 namespace blink { | 50 namespace blink { |
49 | 51 |
50 namespace { | 52 namespace { |
51 | 53 |
52 // When a frame is local, use its full URL to represent the main resource. When | 54 // When a frame is local, use its full URL to represent the main resource. When |
53 // the frame is remote, the full URL isn't accessible, so use the origin. This | 55 // the frame is remote, the full URL isn't accessible, so use the origin. This |
54 // function is used, for example, to determine the URL to show in console | 56 // function is used, for example, to determine the URL to show in console |
55 // messages about mixed content. | 57 // messages about mixed content. |
56 KURL mainResourceUrlForFrame(Frame* frame) { | 58 KURL mainResourceUrlForFrame(Frame* frame) { |
57 if (frame->isRemoteFrame()) { | 59 if (frame->isRemoteFrame()) { |
58 return KURL(KURL(), | 60 return KURL(KURL(), |
59 frame->securityContext()->getSecurityOrigin()->toString()); | 61 frame->securityContext()->getSecurityOrigin()->toString()); |
60 } | 62 } |
61 return toLocalFrame(frame)->document()->url(); | 63 return toLocalFrame(frame)->document()->url(); |
62 } | 64 } |
63 | 65 |
| 66 const char* requestContextName(WebURLRequest::RequestContext context) { |
| 67 switch (context) { |
| 68 case WebURLRequest::RequestContextAudio: |
| 69 return "audio file"; |
| 70 case WebURLRequest::RequestContextBeacon: |
| 71 return "Beacon endpoint"; |
| 72 case WebURLRequest::RequestContextCSPReport: |
| 73 return "Content Security Policy reporting endpoint"; |
| 74 case WebURLRequest::RequestContextDownload: |
| 75 return "download"; |
| 76 case WebURLRequest::RequestContextEmbed: |
| 77 return "plugin resource"; |
| 78 case WebURLRequest::RequestContextEventSource: |
| 79 return "EventSource endpoint"; |
| 80 case WebURLRequest::RequestContextFavicon: |
| 81 return "favicon"; |
| 82 case WebURLRequest::RequestContextFetch: |
| 83 return "resource"; |
| 84 case WebURLRequest::RequestContextFont: |
| 85 return "font"; |
| 86 case WebURLRequest::RequestContextForm: |
| 87 return "form action"; |
| 88 case WebURLRequest::RequestContextFrame: |
| 89 return "frame"; |
| 90 case WebURLRequest::RequestContextHyperlink: |
| 91 return "resource"; |
| 92 case WebURLRequest::RequestContextIframe: |
| 93 return "frame"; |
| 94 case WebURLRequest::RequestContextImage: |
| 95 return "image"; |
| 96 case WebURLRequest::RequestContextImageSet: |
| 97 return "image"; |
| 98 case WebURLRequest::RequestContextImport: |
| 99 return "HTML Import"; |
| 100 case WebURLRequest::RequestContextInternal: |
| 101 return "resource"; |
| 102 case WebURLRequest::RequestContextLocation: |
| 103 return "resource"; |
| 104 case WebURLRequest::RequestContextManifest: |
| 105 return "manifest"; |
| 106 case WebURLRequest::RequestContextObject: |
| 107 return "plugin resource"; |
| 108 case WebURLRequest::RequestContextPing: |
| 109 return "hyperlink auditing endpoint"; |
| 110 case WebURLRequest::RequestContextPlugin: |
| 111 return "plugin data"; |
| 112 case WebURLRequest::RequestContextPrefetch: |
| 113 return "prefetch resource"; |
| 114 case WebURLRequest::RequestContextScript: |
| 115 return "script"; |
| 116 case WebURLRequest::RequestContextServiceWorker: |
| 117 return "Service Worker script"; |
| 118 case WebURLRequest::RequestContextSharedWorker: |
| 119 return "Shared Worker script"; |
| 120 case WebURLRequest::RequestContextStyle: |
| 121 return "stylesheet"; |
| 122 case WebURLRequest::RequestContextSubresource: |
| 123 return "resource"; |
| 124 case WebURLRequest::RequestContextTrack: |
| 125 return "Text Track"; |
| 126 case WebURLRequest::RequestContextUnspecified: |
| 127 return "resource"; |
| 128 case WebURLRequest::RequestContextVideo: |
| 129 return "video"; |
| 130 case WebURLRequest::RequestContextWorker: |
| 131 return "Worker script"; |
| 132 case WebURLRequest::RequestContextXMLHttpRequest: |
| 133 return "XMLHttpRequest endpoint"; |
| 134 case WebURLRequest::RequestContextXSLT: |
| 135 return "XSLT"; |
| 136 } |
| 137 NOTREACHED(); |
| 138 return "resource"; |
| 139 } |
| 140 |
64 } // namespace | 141 } // namespace |
65 | 142 |
66 static void measureStricterVersionOfIsMixedContent(Frame* frame, | 143 static void measureStricterVersionOfIsMixedContent(Frame* frame, |
67 const KURL& url) { | 144 const KURL& url) { |
68 // We're currently only checking for mixed content in `https://*` contexts. | 145 // We're currently only checking for mixed content in `https://*` contexts. |
69 // What about other "secure" contexts the SchemeRegistry knows about? We'll | 146 // What about other "secure" contexts the SchemeRegistry knows about? We'll |
70 // use this method to measure the occurance of non-webby mixed content to make | 147 // use this method to measure the occurance of non-webby mixed content to make |
71 // sure we're not breaking the world without realizing it. | 148 // sure we're not breaking the world without realizing it. |
72 SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin(); | 149 SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin(); |
73 if (MixedContentChecker::isMixedContent(origin, url)) { | 150 if (MixedContentChecker::isMixedContent(origin, url)) { |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
143 void MixedContentChecker::logToConsoleAboutFetch( | 220 void MixedContentChecker::logToConsoleAboutFetch( |
144 LocalFrame* frame, | 221 LocalFrame* frame, |
145 const KURL& mainResourceUrl, | 222 const KURL& mainResourceUrl, |
146 const KURL& url, | 223 const KURL& url, |
147 WebURLRequest::RequestContext requestContext, | 224 WebURLRequest::RequestContext requestContext, |
148 bool allowed) { | 225 bool allowed) { |
149 String message = String::format( | 226 String message = String::format( |
150 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an " | 227 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an " |
151 "insecure %s '%s'. %s", | 228 "insecure %s '%s'. %s", |
152 mainResourceUrl.elidedString().utf8().data(), | 229 mainResourceUrl.elidedString().utf8().data(), |
153 WebMixedContent::requestContextName(requestContext), | 230 requestContextName(requestContext), url.elidedString().utf8().data(), |
154 url.elidedString().utf8().data(), | |
155 allowed ? "This content should also be served over HTTPS." | 231 allowed ? "This content should also be served over HTTPS." |
156 : "This request has been blocked; the content must be served " | 232 : "This request has been blocked; the content must be served " |
157 "over HTTPS."); | 233 "over HTTPS."); |
158 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel; | 234 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel; |
159 frame->document()->addConsoleMessage( | 235 frame->document()->addConsoleMessage( |
160 ConsoleMessage::create(SecurityMessageSource, messageLevel, message)); | 236 ConsoleMessage::create(SecurityMessageSource, messageLevel, message)); |
161 } | 237 } |
162 | 238 |
163 // static | 239 // static |
164 void MixedContentChecker::count(Frame* frame, | 240 void MixedContentChecker::count(Frame* frame, |
165 WebURLRequest::RequestContext requestContext) { | 241 WebURLRequest::RequestContext requestContext) { |
166 UseCounter::count(frame, UseCounter::MixedContentPresent); | 242 UseCounter::count(frame, UseCounter::MixedContentPresent); |
167 | 243 |
168 // Roll blockable content up into a single counter, count unblocked types | 244 // Roll blockable content up into a single counter, count unblocked types |
169 // individually so we can determine when they can be safely moved to the | 245 // individually so we can determine when they can be safely moved to the |
170 // blockable category: | 246 // blockable category: |
171 WebMixedContent::ContextType contextType = | 247 WebMixedContentContextType contextType = |
172 WebMixedContent::contextTypeFromRequestContext( | 248 WebMixedContent::contextTypeFromRequestContext( |
173 requestContext, | 249 requestContext, |
174 frame->settings()->getStrictMixedContentCheckingForPlugin()); | 250 frame->settings()->getStrictMixedContentCheckingForPlugin()); |
175 if (contextType == WebMixedContent::ContextType::Blockable) { | 251 if (contextType == WebMixedContentContextType::Blockable) { |
176 UseCounter::count(frame, UseCounter::MixedContentBlockable); | 252 UseCounter::count(frame, UseCounter::MixedContentBlockable); |
177 return; | 253 return; |
178 } | 254 } |
179 | 255 |
180 UseCounter::Feature feature; | 256 UseCounter::Feature feature; |
181 switch (requestContext) { | 257 switch (requestContext) { |
182 case WebURLRequest::RequestContextAudio: | 258 case WebURLRequest::RequestContextAudio: |
183 feature = UseCounter::MixedContentAudio; | 259 feature = UseCounter::MixedContentAudio; |
184 break; | 260 break; |
185 case WebURLRequest::RequestContextDownload: | 261 case WebURLRequest::RequestContextDownload: |
(...skipping 26 matching lines...) Expand all Loading... |
212 } | 288 } |
213 | 289 |
214 // static | 290 // static |
215 bool MixedContentChecker::shouldBlockFetch( | 291 bool MixedContentChecker::shouldBlockFetch( |
216 LocalFrame* frame, | 292 LocalFrame* frame, |
217 WebURLRequest::RequestContext requestContext, | 293 WebURLRequest::RequestContext requestContext, |
218 WebURLRequest::FrameType frameType, | 294 WebURLRequest::FrameType frameType, |
219 ResourceRequest::RedirectStatus redirectStatus, | 295 ResourceRequest::RedirectStatus redirectStatus, |
220 const KURL& url, | 296 const KURL& url, |
221 MixedContentChecker::ReportingStatus reportingStatus) { | 297 MixedContentChecker::ReportingStatus reportingStatus) { |
| 298 // Frame-level loads are checked by the browser. No need to check them again |
| 299 // here. |
| 300 if (frame->settings()->getBrowserSideNavigationEnabled() && |
| 301 frameType != WebURLRequest::FrameTypeNone) { |
| 302 return false; |
| 303 } |
| 304 |
222 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); | 305 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); |
223 Frame* mixedFrame = | 306 Frame* mixedFrame = |
224 inWhichFrameIsContentMixed(effectiveFrame, frameType, url); | 307 inWhichFrameIsContentMixed(effectiveFrame, frameType, url); |
225 if (!mixedFrame) | 308 if (!mixedFrame) |
226 return false; | 309 return false; |
227 | 310 |
228 MixedContentChecker::count(mixedFrame, requestContext); | 311 MixedContentChecker::count(mixedFrame, requestContext); |
229 if (ContentSecurityPolicy* policy = | 312 if (ContentSecurityPolicy* policy = |
230 frame->securityContext()->contentSecurityPolicy()) | 313 frame->securityContext()->contentSecurityPolicy()) |
231 policy->reportMixedContent(url, redirectStatus); | 314 policy->reportMixedContent(url, redirectStatus); |
232 | 315 |
233 Settings* settings = mixedFrame->settings(); | 316 Settings* settings = mixedFrame->settings(); |
234 // Use the current local frame's client; the embedder doesn't distinguish | 317 // Use the current local frame's client; the embedder doesn't distinguish |
235 // mixed content signals from different frames on the same page. | 318 // mixed content signals from different frames on the same page. |
236 FrameLoaderClient* client = frame->loader().client(); | 319 FrameLoaderClient* client = frame->loader().client(); |
237 SecurityOrigin* securityOrigin = | 320 SecurityOrigin* securityOrigin = |
238 mixedFrame->securityContext()->getSecurityOrigin(); | 321 mixedFrame->securityContext()->getSecurityOrigin(); |
239 bool allowed = false; | 322 bool allowed = false; |
240 | 323 |
241 // If we're in strict mode, we'll automagically fail everything, and | 324 // If we're in strict mode, we'll automagically fail everything, and |
242 // intentionally skip the client checks in order to prevent degrading the | 325 // intentionally skip the client checks in order to prevent degrading the |
243 // site's security UI. | 326 // site's security UI. |
244 bool strictMode = mixedFrame->securityContext()->getInsecureRequestPolicy() & | 327 bool strictMode = mixedFrame->securityContext()->getInsecureRequestPolicy() & |
245 kBlockAllMixedContent || | 328 kBlockAllMixedContent || |
246 settings->getStrictMixedContentChecking(); | 329 settings->getStrictMixedContentChecking(); |
247 | 330 |
248 WebMixedContent::ContextType contextType = | 331 WebMixedContentContextType contextType = |
249 WebMixedContent::contextTypeFromRequestContext( | 332 WebMixedContent::contextTypeFromRequestContext( |
250 requestContext, settings->getStrictMixedContentCheckingForPlugin()); | 333 requestContext, settings->getStrictMixedContentCheckingForPlugin()); |
251 | 334 |
252 // If we're loading the main resource of a subframe, we need to take a close | 335 // If we're loading the main resource of a subframe, we need to take a close |
253 // look at the loaded URL. If we're dealing with a CORS-enabled scheme, then | 336 // look at the loaded URL. If we're dealing with a CORS-enabled scheme, then |
254 // block mixed frames as active content. Otherwise, treat frames as passive | 337 // block mixed frames as active content. Otherwise, treat frames as passive |
255 // content. | 338 // content. |
256 // | 339 // |
257 // FIXME: Remove this temporary hack once we have a reasonable API for | 340 // FIXME: Remove this temporary hack once we have a reasonable API for |
258 // launching external applications via URLs. http://crbug.com/318788 and | 341 // launching external applications via URLs. http://crbug.com/318788 and |
259 // https://crbug.com/393481 | 342 // https://crbug.com/393481 |
260 if (frameType == WebURLRequest::FrameTypeNested && | 343 if (frameType == WebURLRequest::FrameTypeNested && |
261 !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol())) | 344 !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol())) |
262 contextType = WebMixedContent::ContextType::OptionallyBlockable; | 345 contextType = WebMixedContentContextType::OptionallyBlockable; |
263 | 346 |
264 switch (contextType) { | 347 switch (contextType) { |
265 case WebMixedContent::ContextType::OptionallyBlockable: | 348 case WebMixedContentContextType::OptionallyBlockable: |
266 allowed = !strictMode; | 349 allowed = !strictMode; |
267 if (allowed) { | 350 if (allowed) { |
268 client->passiveInsecureContentFound(url); | 351 client->passiveInsecureContentFound(url); |
269 client->didDisplayInsecureContent(); | 352 client->didDisplayInsecureContent(); |
270 } | 353 } |
271 break; | 354 break; |
272 | 355 |
273 case WebMixedContent::ContextType::Blockable: { | 356 case WebMixedContentContextType::Blockable: { |
274 // Strictly block subresources that are mixed with respect to their | 357 // Strictly block subresources that are mixed with respect to their |
275 // subframes, unless all insecure content is allowed. This is to avoid the | 358 // subframes, unless all insecure content is allowed. This is to avoid the |
276 // following situation: https://a.com embeds https://b.com, which loads a | 359 // following situation: https://a.com embeds https://b.com, which loads a |
277 // script over insecure HTTP. The user opts to allow the insecure content, | 360 // script over insecure HTTP. The user opts to allow the insecure content, |
278 // thinking that they are allowing an insecure script to run on | 361 // thinking that they are allowing an insecure script to run on |
279 // https://a.com and not realizing that they are in fact allowing an | 362 // https://a.com and not realizing that they are in fact allowing an |
280 // insecure script on https://b.com. | 363 // insecure script on https://b.com. |
281 if (!settings->getAllowRunningOfInsecureContent() && | 364 if (!settings->getAllowRunningOfInsecureContent() && |
282 requestIsSubframeSubresource(effectiveFrame, frameType) && | 365 requestIsSubframeSubresource(effectiveFrame, frameType) && |
283 isMixedContent(frame->securityContext()->getSecurityOrigin(), url)) { | 366 isMixedContent(frame->securityContext()->getSecurityOrigin(), url)) { |
(...skipping 11 matching lines...) Expand all Loading... |
295 client->allowRunningInsecureContent( | 378 client->allowRunningInsecureContent( |
296 settings && settings->getAllowRunningOfInsecureContent(), | 379 settings && settings->getAllowRunningOfInsecureContent(), |
297 securityOrigin, url); | 380 securityOrigin, url); |
298 if (allowed) { | 381 if (allowed) { |
299 client->didRunInsecureContent(securityOrigin, url); | 382 client->didRunInsecureContent(securityOrigin, url); |
300 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllowed); | 383 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllowed); |
301 } | 384 } |
302 break; | 385 break; |
303 } | 386 } |
304 | 387 |
305 case WebMixedContent::ContextType::ShouldBeBlockable: | 388 case WebMixedContentContextType::ShouldBeBlockable: |
306 allowed = !strictMode; | 389 allowed = !strictMode; |
307 if (allowed) | 390 if (allowed) |
308 client->didDisplayInsecureContent(); | 391 client->didDisplayInsecureContent(); |
309 break; | 392 break; |
310 case WebMixedContent::ContextType::NotMixedContent: | 393 case WebMixedContentContextType::NotMixedContent: |
311 NOTREACHED(); | 394 NOTREACHED(); |
312 break; | 395 break; |
313 }; | 396 }; |
314 | 397 |
315 if (reportingStatus == SendReport) { | 398 if (reportingStatus == SendReport) { |
316 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, | 399 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, |
317 requestContext, allowed); | 400 requestContext, allowed); |
318 } | 401 } |
319 return !allowed; | 402 return !allowed; |
320 } | 403 } |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
468 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); | 551 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); |
469 if (frameType == WebURLRequest::FrameTypeTopLevel || !effectiveFrame) | 552 if (frameType == WebURLRequest::FrameTypeTopLevel || !effectiveFrame) |
470 return; | 553 return; |
471 | 554 |
472 // Use the current local frame's client; the embedder doesn't distinguish | 555 // Use the current local frame's client; the embedder doesn't distinguish |
473 // mixed content signals from different frames on the same page. | 556 // mixed content signals from different frames on the same page. |
474 FrameLoaderClient* client = frame->loader().client(); | 557 FrameLoaderClient* client = frame->loader().client(); |
475 bool strictMixedContentCheckingForPlugin = | 558 bool strictMixedContentCheckingForPlugin = |
476 effectiveFrame->settings() && | 559 effectiveFrame->settings() && |
477 effectiveFrame->settings()->getStrictMixedContentCheckingForPlugin(); | 560 effectiveFrame->settings()->getStrictMixedContentCheckingForPlugin(); |
478 WebMixedContent::ContextType contextType = | 561 WebMixedContentContextType contextType = |
479 WebMixedContent::contextTypeFromRequestContext( | 562 WebMixedContent::contextTypeFromRequestContext( |
480 requestContext, strictMixedContentCheckingForPlugin); | 563 requestContext, strictMixedContentCheckingForPlugin); |
481 if (contextType == WebMixedContent::ContextType::Blockable) { | 564 if (contextType == WebMixedContentContextType::Blockable) { |
482 client->didRunContentWithCertificateErrors(response.url()); | 565 client->didRunContentWithCertificateErrors(response.url()); |
483 } else { | 566 } else { |
484 // contextTypeFromRequestContext() never returns NotMixedContent (it | 567 // contextTypeFromRequestContext() never returns NotMixedContent (it |
485 // computes the type of mixed content, given that the content is mixed). | 568 // computes the type of mixed content, given that the content is mixed). |
486 DCHECK_NE(contextType, WebMixedContent::ContextType::NotMixedContent); | 569 DCHECK_NE(contextType, WebMixedContentContextType::NotMixedContent); |
487 client->didDisplayContentWithCertificateErrors(response.url()); | 570 client->didDisplayContentWithCertificateErrors(response.url()); |
488 } | 571 } |
489 } | 572 } |
490 | 573 |
491 WebMixedContent::ContextType MixedContentChecker::contextTypeForInspector( | 574 // static |
| 575 void MixedContentChecker::mixedContentFoundByTheBrowser( |
| 576 LocalFrame* frame, |
| 577 const KURL& mainResourceUrl, |
| 578 const KURL& mixedContentUrl, |
| 579 WebURLRequest::RequestContext requestContext, |
| 580 bool wasAllowed, |
| 581 bool hadRedirect) { |
| 582 logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl, |
| 583 requestContext, wasAllowed); |
| 584 ContentSecurityPolicy* policy = |
| 585 frame->securityContext()->contentSecurityPolicy(); |
| 586 if (policy) { |
| 587 policy->reportMixedContent( |
| 588 mixedContentUrl, hadRedirect |
| 589 ? ResourceRequest::RedirectStatus::FollowedRedirect |
| 590 : ResourceRequest::RedirectStatus::NoRedirect); |
| 591 } |
| 592 } |
| 593 |
| 594 WebMixedContentContextType MixedContentChecker::contextTypeForInspector( |
492 LocalFrame* frame, | 595 LocalFrame* frame, |
493 const ResourceRequest& request) { | 596 const ResourceRequest& request) { |
494 Frame* effectiveFrame = | 597 Frame* effectiveFrame = |
495 effectiveFrameForFrameType(frame, request.frameType()); | 598 effectiveFrameForFrameType(frame, request.frameType()); |
496 | 599 |
497 Frame* mixedFrame = inWhichFrameIsContentMixed( | 600 Frame* mixedFrame = inWhichFrameIsContentMixed( |
498 effectiveFrame, request.frameType(), request.url()); | 601 effectiveFrame, request.frameType(), request.url()); |
499 if (!mixedFrame) | 602 if (!mixedFrame) |
500 return WebMixedContent::ContextType::NotMixedContent; | 603 return WebMixedContentContextType::NotMixedContent; |
501 | 604 |
502 // See comment in shouldBlockFetch() about loading the main resource of a | 605 // See comment in shouldBlockFetch() about loading the main resource of a |
503 // subframe. | 606 // subframe. |
504 if (request.frameType() == WebURLRequest::FrameTypeNested && | 607 if (request.frameType() == WebURLRequest::FrameTypeNested && |
505 !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled( | 608 !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled( |
506 request.url().protocol())) { | 609 request.url().protocol())) { |
507 return WebMixedContent::ContextType::OptionallyBlockable; | 610 return WebMixedContentContextType::OptionallyBlockable; |
508 } | 611 } |
509 | 612 |
510 bool strictMixedContentCheckingForPlugin = | 613 bool strictMixedContentCheckingForPlugin = |
511 mixedFrame->settings() && | 614 mixedFrame->settings() && |
512 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin(); | 615 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin(); |
513 return WebMixedContent::contextTypeFromRequestContext( | 616 return WebMixedContent::contextTypeFromRequestContext( |
514 request.requestContext(), strictMixedContentCheckingForPlugin); | 617 request.requestContext(), strictMixedContentCheckingForPlugin); |
515 } | 618 } |
516 | 619 |
517 } // namespace blink | 620 } // namespace blink |
OLD | NEW |